Next month, an Iowa City police officer will introduce technology at the International Association of Chiefs of Police Conference in Chicago that could help law enforcement recover Wi-Fi-capable devices.

[...]

Law enforcement officers using L8NT would plug the USB device into their in-car laptops. The device would scan MAC addresses, looking for matches to known stolen items. The device has a range of about 300 feet and can be attached to a directional antenna to allow police to determine where the signal is coming from and obtain a warrant.

Weirdly, the thing that it could do best (caveats forthcoming) isn't the thing Officer David Schwindt wants it to be used for. Sure, recovering the occasional stolen cellphone or tablet is cool. But you know what's really cool? Whatever the hell it is that Schwindt thinks it could be used for, but would rather not discuss in detail.

“I foresee law enforcement using L8NT software to solve higher-level crimes,” said Schwindt, a 14-year veteran of the department.

“If your cellphone is stolen from a bar ... that’s not necessarily what L8NT is intended for. But, if your home is burglarized and your cellphone is stolen, now, as a police chief, I’m interested” in that technology.

Even though it could be used passively to run MAC addresses against a hot sheet, it probably won't be. Instead, it will take a criminal act of more severity before officers will even think about plugging the device in. Or it could just be used to perform an "audit" of any home's electronic devices… because child porn is a problem.

Schwindt said the idea for the product came to him after taking a Small Office/Home Office investigations class. The class discussed child porn investigations and doing a “wireless audit” of a suspect’s residence to look for devices that would hold evidence and illegal material. The class taught investigators to scan for MAC addresses.

Schwindt does point out that his invention won't be able to pick up any additional information sent from devices. It will only acquire the MAC address. (I imagine future law enforcement clients will soon be making efforts to take the governor off the data hauler...) Locating stolen devices via L8NT "wardriving" could lead to the recovery of more stolen electronics. Or it may prove mostly useless.

Manufacturers re-use MAC Addresses and they ship cards with duplicate addresses to different parts of the United States or the world so that there is only a very small chance two computers with network cards with the same MAC Address will end up on the same network.

Now, the odds are small that police will run into conflicting, duplicate addresses, but this fact makes it impossible to guarantee that tracking down a MAC address actually means tracking down a stolen device. For that reason alone, L8NT's architecture may be changed to grab more identifying info… which will lead to more questions about the constitutionality of the device, which will act like a low-level search of a home's electronics. Its impact will also be blunted by the information it seeks, considering not every device is assigned a MAC address and addresses are unobtainable unless the devices are turned on and connected to a Wi-Fi network.

I wouldn't necessarily bash this officer's idea, as it does achieve certain law enforcement goals without having to carve another slice out of the Fourth Amendment. But I'm hardly convinced this will remain a low-level surveillance device subject to built-in limitations. The best evidence for this is the officer's statements themselves. It's an electronics-sniffing device conceived during a discussion of child porn investigations and which has triggered happy visions of high-profile busts in its inventor's head. Nothing about that combination bodes well for the built-in limitations surviving future iterations of L8NT. Add in the fact that a MAC address isn't a perfect identifier and you've got a recipe for trouble.

from the only-the-second-one-is-true dept

Whenever we write about Aaron Swartz and the criminal prosecution against him, some of our (and Aaron's) critics scream that it was "obvious" that he knew he was up to no good, because he chose to spoof his MAC address on the machine he used to download JSTOR articles. Of course, as many people explained, spoofing a MAC address isn't some crazy nefarious thing to do, and often makes a lot of sense. In fact, Apple recently announced that iOS 8 will have randomized MAC addresses to better protect people's privacy. Simply speaking: Apple is making "MAC spoofing" standard. And, as the folks over at EFF are noting, this is a very good thing for your privacy.
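As an added illustration (not code from L8NT, Apple, or the original posts), the sketch below shows why a hot-sheet match on a MAC address is a lead rather than proof: the second-lowest bit of the first octet marks an address as locally administered, which is what randomized and manually set addresses use, so such an address says nothing about the hardware behind it. The function names are hypothetical and the sample addresses are constructed, using the RFC 7042 documentation range for the "vendor-assigned" ones.

```python
import re

# Flag bits in the first octet of a 48-bit MAC address (IEEE 802).
GROUP_BIT = 0x01  # 1 = multicast/group address, 0 = unicast
LOCAL_BIT = 0x02  # 1 = locally administered (set in software), 0 = vendor-assigned


def normalize(mac):
    """Return the address as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def classify(mac):
    """Split an address into its vendor prefix (OUI) and flag bits."""
    digits = normalize(mac)
    first_octet = int(digits[:2], 16)
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],  # identifies the interface vendor, not the computer brand
        "multicast": bool(first_octet & GROUP_BIT),
        "locally_administered": bool(first_octet & LOCAL_BIT),
    }


def triage(observed, hot_sheet):
    """Label each observed address relative to a hot sheet of reported addresses."""
    wanted = {normalize(m) for m in hot_sheet}
    verdicts = {}
    for mac in observed:
        info = classify(mac)
        if info["locally_administered"]:
            verdict = "unattributable"  # randomized or manually set address
        elif normalize(mac) in wanted:
            verdict = "candidate"       # lead only: addresses can be duplicated or cloned
        else:
            verdict = "no-match"
        verdicts[info["mac"]] = verdict
    return verdicts


# Constructed sample data in three common notations.
SAMPLE_HOT_SHEET = ["00:00:5e:00:53:2a"]
SAMPLE_OBSERVED = ["00-00-5E-00-53-2A", "3a:5f:0c:12:34:56", "0000.5e00.5301"]

if __name__ == "__main__":
    for mac, verdict in triage(SAMPLE_OBSERVED, SAMPLE_HOT_SHEET).items():
        print(mac, verdict)
```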

This, of course, is one of the unfortunate results when you have law enforcement folks who simply don't understand much technology. People who actually understand both privacy and the ways you might approach problems you face on the internet, recognize that things like MAC spoofing are perfectly reasonable to do at times -- but such actions are twisted by law enforcement as being nefarious and dangerous because it makes it easier to "build a case" and because they don't understand how perfectly common such actions are.

Investigators tracked the threatening posts back to Ragsdale through an IP address provided by Ask.fm. An analysis of subpoenaed University of Wisconsin records indicated that the IP address was assigned to Ragsdale’s student account, and that the “rragsdale” account accessed the girl’s Ask.fm profile page on the evening the threats were sent...

The affidavit sworn by FBI Agent Malia Pereira alleges that Ragsdale sent the teen a series of violent and sexually graphic messages. The victim’s parents, Pereira added, were particularly concerned since the girl’s Ask.fm account was linked to her Facebook and Twitter profiles, leaving her identifiable.

Prior to executing the search warrant, FBI SA Nicol told me that, during execution of the warrant, I should look for a Mac computer, because the network connection logs provided by Jeffrey Savoy showed a Mac address, indicating some type of Mac/Apple computer or hardware was used.

No one expects every agent in the FBI to be thoroughly versed in network terminology, but a MAC address is one of the basics any agent seeking to extract personal info using nothing but IP addresses and subpoenas should know. If these basics aren't nailed down, agents lacking this crucial knowledge will be stymied by their own ignorance. They won't know what they're looking for or how to get it. Their subpoena and warrant requests risk being laughed out of the judge's chambers. The worst case scenario is that someone dangerous eludes arrest because the pursuing agent(s) is tangled in terminology he or she doesn't understand. Actually, the real worst case scenario is someone innocent being tossed into the gears of the judicial system because an agent had no idea what he or she was looking at -- or looking for.

Kudos, I guess, to Agent Pereira for getting her man, despite the "help" offered by SA Nicol, whose name is all over this affidavit. But one wonders what would have happened if Ragsdale's computer happened to be a PC. My guess? Additional charges under the CFAA for "spoofing a 'Mac' address."